You Are Responsible For Your Privacy

I keep on hearing this defeatist tone when I talk to people about privacy in the internet age. “Privacy is dead”. I am ashamed to be guilty of this attitude myself. Ashamed, because in reality, privacy is not dead, it’s just a responsibility we’ve been neglecting. Privacy is not a right, it is a responsibility, your responsibility.

If you are genuinely worried about the fact that the western world is under mass surveillance, take action. When we choose to do nothing, it is still a choice, as none of us can claim ignorance of the fact that each time we send an email, it gets added to our personal file, as well as the personal file of our recipient. Carrying on as if nothing is happening is voluntary surrender. If that is the choice you make, you have no right to the freedom you demand.

Here are the tools at your disposal:

Anonymity Networks

The first technology I want to mention is anonymity networks. The biggest one is called Tor; another interesting one is I2P. You connect to the network with your computer, then use the internet through the network. The network routes your internet data, passing it from one computer to another. By the time the data reaches its destination, no one knows where it came from, but the server can still send a response back to you. Behold, an anonymized connection.

This network can also be used to host secret sites.

Using it is dead simple: just download the Tor Browser. Give it a try!

SSL

The green lock in your browser address bar means that your communication with the website is encrypted, visible only to you and the website. When the data is not encrypted, it is visible to anyone who cares to look. On the other hand, just because the data is encrypted, it doesn’t mean that it’s safe. The website can be selling it to other companies or giving it to the government. They have complete control over it.

Public-key Cryptography

You might imagine an encryption algorithm where you use the same password to encrypt and to decrypt a message. Well, these algorithms have their place, but for communication you need asymmetric keys, meaning one key to encrypt (public key) and another key to decrypt (private key). These keys are essentially two mathematically-related numbers that are generated by a computer.

Your public key is shared openly. Anyone can use it to encrypt a message that will only be readable by the owner of the private key — you. For people to have a two-way conversation they need to exchange their public keys. Having my public key, you can send me secrets, but I can’t reply until I have your public key.

This is the standard format for PGP keys, including the BEGIN and END tags. This format is used by all kinds of software, from email clients to NSA backdoors. You can have a single private key (stored securely) and use it in many different applications.

If you want to just use cryptography with Gmail, there is a nice plugin that I am currently using called Mailvelope. For Thunderbird, there is Enigmail. Both of these plugins will generate keys and store them along with the public keys of your recipients. They will also add some kind of encrypt and decrypt button to your email interface.

All these tools will offer you a chance to select a passphrase. This is not related to public key cryptography; it is just there to make sure your private key isn’t stored unprotected on your hard drive. It is an extra layer of security.
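The two-way exchange and the passphrase behaviour described above, as an added example that is not part of the original post. It uses Node.js's built-in crypto module with PEM-encoded RSA keys rather than OpenPGP, and the names, messages and passphrases are constructed for illustration.

```javascript
// Added illustration: RSA-OAEP with Node's built-in crypto (PEM keys, not OpenPGP).
const nodeCrypto = require('crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Generate a key pair. The private key is exported already encrypted under the
// passphrase, which is the form in which it would sit on disk.
function makeIdentity(passphrase) {
  return nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
}

// Anyone holding the recipient's public key can encrypt to them.
function encryptTo(recipientPublicPem, text) {
  return nodeCrypto.publicEncrypt({ key: recipientPublicPem, ...OAEP }, Buffer.from(text, 'utf8'));
}

// Decrypting needs the private key plus the passphrase that unlocks the stored copy.
function decryptWith(privatePem, passphrase, ciphertext) {
  const opts = { key: privatePem, passphrase, ...OAEP };
  return nodeCrypto.privateDecrypt(opts, ciphertext).toString('utf8');
}

// Same as decryptWith, but returns null when decryption fails instead of throwing.
function tryDecrypt(privatePem, passphrase, ciphertext) {
  try { return decryptWith(privatePem, passphrase, ciphertext); } catch { return null; }
}

function demo() {
  const alice = makeIdentity('alice constructed passphrase');
  const bob = makeIdentity('bob constructed passphrase');
  // Each direction of the conversation uses the *recipient's* public key.
  const toBob = encryptTo(bob.publicKey, 'meet at noon');
  const toAlice = encryptTo(alice.publicKey, 'see you there');
  return {
    bobReads: tryDecrypt(bob.privateKey, 'bob constructed passphrase', toBob),
    aliceReads: tryDecrypt(alice.privateKey, 'alice constructed passphrase', toAlice),
    // Alice's own key cannot open a message encrypted to Bob.
    aliceOpensBobsMail: tryDecrypt(alice.privateKey, 'alice constructed passphrase', toBob),
    // The right key file is useless without the passphrase that protects it.
    bobWrongPassphrase: tryDecrypt(bob.privateKey, 'not the passphrase', toBob),
    publicHeader: bob.publicKey.split('\n')[0],
    privateHeader: bob.privateKey.split('\n')[0],
  };
}

console.log(demo());
```

RSA on its own only encrypts short messages; tools such as PGP encrypt the message with a symmetric key and use the public key to protect that key.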

Even if you don’t adopt these technologies today, it is good to know about them and to spread the word. We are not powerless.